All clear. I kept trying GMER again and again until it finally gave in: the scan finally worked, here is the result
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 20:18:07
Windows 6.0.6001 Service Pack 1
Running: hb8o4cug.exe; Driver: C:\\Users\\moi\\AppData\\Local\\Temp\\kfldypow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E31CD0
INT 0x37 \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E310E8
INT 0x51 ? 84360BF8
INT 0x52 ? 856E7BF8
INT 0x62 ? 856E7BF8
INT 0x72 ? 856E7BF8
INT 0xB2 ? 84360BF8
INT 0xC1 \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E313D8
INT 0xD1 \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1DAA4
INT 0xD2 \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E1D01C
INT 0xDF \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E311C0
INT 0xE1 \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E31B40
INT 0xE3 \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E316D4
INT 0xFD \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E32100
INT 0xFE \\SystemRoot\\system32\\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81E3236C
---- Kernel code sections - GMER 1.0.15 ----
? System32\\Drivers\\spyh.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8A5B34CB 5 Bytes JMP 856E71D8
.text azwy6h1g.SYS 8E0EE000 22 Bytes [26, 12, E2, 81, 10, 11, E2, ...]
.text azwy6h1g.SYS 8E0EE017 126 Bytes [00, 32, 47, 7A, 80, 3D, 45, ...]
.text azwy6h1g.SYS 8E0EE096 18 Bytes JMP EA134481
.text azwy6h1g.SYS 8E0EE0A9 35 Bytes JMP E9F7A081
.text azwy6h1g.SYS 8E0EE0CE 10 Bytes [00, 00, 00, 00, 00, 00, F6, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; IDIV BYTE [ECX-0x25]; DEC ECX}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \\SystemRoot\\system32\\drivers\\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069A6D6] \\SystemRoot\\System32\\Drivers\\spyh.sys
IAT \\SystemRoot\\system32\\drivers\\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8069A042] \\SystemRoot\\System32\\Drivers\\spyh.sys
IAT \\SystemRoot\\system32\\drivers\\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8069A800] \\SystemRoot\\System32\\Drivers\\spyh.sys
IAT \\SystemRoot\\system32\\drivers\\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8069A0C0] \\SystemRoot\\System32\\Drivers\\spyh.sys
IAT \\SystemRoot\\system32\\drivers\\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069A13E] \\SystemRoot\\System32\\Drivers\\spyh.sys
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortNotification] 9831BC8D
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortWritePortUchar] 33000000
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortWritePortUlong] 40C683C9
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortGetPhysicalAddress] C10FF041
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] FF45C60E
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8BA8EB01
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortReadPortUchar] 11890855
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortStallExecution] CB8BD08A
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortGetParentBusType] 0ACC87C7
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortRequestCallback] 00010000
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortWritePortBufferUshort] D6FF0000
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortGetUnCachedExtension] E8F475FF
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortCompleteRequest] FFFFF118
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortMoveMemory] 00FF7D80
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 0090850F
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 75FF0000
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E8006A08
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortReadPortUshort] 0001E60A
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 000081E9
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortInitialize] 087D8300
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortGetDeviceBase] BF7B7501
IAT \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS[ataport.SYS!AtaPortDeviceStateChange] [8E113FB0] \\SystemRoot\\System32\\Drivers\\azwy6h1g.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749D88B4] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A198A5] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749DB9D4] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749CFB47] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749D7A79] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749CEA65] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A0B17D] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749DBC9A] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749D074E] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749D06B5] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749C71B3] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A5D848] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749F7379] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749CE109] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipFree] [749C697E] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipAlloc] [749C69A9] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\\Windows\\Explorer.EXE[1740] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749D2465] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \\FileSystem\\Ntfs \\Ntfs 851211F8
AttachedDevice \\FileSystem\\Ntfs \\Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \\Driver\\netbt \\Device\\NetBT_Tcpip_{87254A4F-7607-4FE3-A9A6-E4BAA85D7587} 85C0A1F8
Device \\Driver\\ACPI_HAL \\Device\\00000040 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \\Driver\\kbdclass \\Device\\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \\Driver\\kbdclass \\Device\\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \\Driver\\volmgr \\Device\\VolMgrControl 843621F8
Device \\Driver\\usbohci \\Device\\USBPDO-0 855AE1F8
Device \\Driver\\usbohci \\Device\\USBPDO-1 855AE1F8
Device \\Driver\\usbehci \\Device\\USBPDO-2 855AD1F8
Device \\Driver\\netbt \\Device\\NetBT_Tcpip_{275FABA2-4114-4B61-B21B-BE882CB42400} 85C0A1F8
Device \\Driver\\volmgr \\Device\\HarddiskVolume1 843621F8
Device \\Driver\\volmgr \\Device\\HarddiskVolume2 843621F8
Device \\Driver\\cdrom \\Device\\CdRom0 855D41F8
Device \\Driver\\volmgr \\Device\\HarddiskVolume3 843621F8
Device \\Driver\\cdrom \\Device\\CdRom1 855D41F8
Device \\Driver\\atapi \\Device\\Ide\\IdeDeviceP2T0L0-4 851201F8
Device \\Driver\\atapi \\Device\\Ide\\IdePort0 851201F8
Device \\Driver\\atapi \\Device\\Ide\\IdePort1 851201F8
Device \\Driver\\atapi \\Device\\Ide\\IdePort2 851201F8
Device \\Driver\\atapi \\Device\\Ide\\IdeDeviceP1T0L0-2 851201F8
Device \\Driver\\netbt \\Device\\NetBt_Wins_Export 85C0A1F8
Device \\Driver\\Smb \\Device\\NetbiosSmb 85BE31F8
Device \\Driver\\PCI_PNP6126 \\Device\\0000004c spyh.sys
Device \\Driver\\iScsiPrt \\Device\\RaidPort0 85600500
Device \\Driver\\sptd \\Device\\4226200135 spyh.sys
Device \\Driver\\usbohci \\Device\\USBFDO-0 855AE1F8
Device \\Driver\\usbohci \\Device\\USBFDO-1 855AE1F8
Device \\Driver\\usbehci \\Device\\USBFDO-2 855AD1F8
Device \\Driver\\azwy6h1g \\Device\\Scsi\\azwy6h1g1 855D9500
Device \\Driver\\azwy6h1g \\Device\\Scsi\\azwy6h1g1Port4Path0Target0Lun0 855D9500
Device \\FileSystem\\fastfat \\Fat 8605B500
Device \\FileSystem\\fastfat \\Fat 97EC845E
AttachedDevice \\FileSystem\\fastfat \\Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)
Device \\FileSystem\\cdfs \\Cdfs 85D321F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg@s1 771343423
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg@s2 285507792
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg@h0 1
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04@p0 C:\\Program Files\\Alcohol Soft\\Alcohol 120\\
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04@ujdew 0xD8 0x4A 0x33 0xF0 ...
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001@ujdew 0xD2 0xB3 0x4B 0xAC ...
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001\\jdgg40
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001\\jdgg40@ujdew 0x5D 0xB5 0x09 0x2F ...
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04@p0 C:\\Program Files\\Alcohol Soft\\Alcohol 120\\
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04@ujdew 0xD8 0x4A 0x33 0xF0 ...
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001 (not active ControlSet)
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001@ujdew 0xD2 0xB3 0x4B 0xAC ...
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001\\jdgg40 (not active ControlSet)
Reg HKLM\\SYSTEM\\ControlSet003\\Services\\sptd\\Cfg\\0D79C293C1ED61418462E24595C90D04\\00000001\\jdgg40@ujdew 0x5D 0xB5 0x09 0x2F ...
---- Files - GMER 1.0.15 ----
File C:\\ADSM_PData_0150 0 bytes
File C:\\ADSM_PData_0150\\DB 0 bytes
File C:\\ADSM_PData_0150\\DB\\SI.db 624 bytes
File C:\\ADSM_PData_0150\\DB\\UL.db 16 bytes
File C:\\ADSM_PData_0150\\DB\\VL.db 16 bytes
File C:\\ADSM_PData_0150\\DB\\WAL.db 2048 bytes
File C:\\ADSM_PData_0150\\DB\\_avt 512 bytes
File C:\\ADSM_PData_0150\\DragWait.exe 315392 bytes executable
File C:\\ADSM_PData_0150\\_avt 512 bytes
File C:\\Program Files\\ASUS\\ASUS Data Security Manager\\driver\\x86 0 bytes
File C:\\Program Files\\ASUS\\ASUS Data Security Manager\\driver\\x86\\AsDsm.sys 29752 bytes executable
File C:\\Program Files\\ASUS\\ASUS Data Security Manager\\driver\\x86\\_avt 512 bytes
---- EOF - GMER 1.0.15 ----
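Added example, not part of the poster's message and not code from GMER: a small Python triage script for logs in the format above. It parses the line shapes visible in this log and answers what a reader of the log has to work out by hand: which driver owns the hooks on atapi.sys, whether GMER could read that driver on disk, which driver objects it backs, and what the Cfg@p0 value of the matching service points at. The sample input is constructed from lines of this log (two of the five atapi.sys entries, single backslashes, the Windows error text in English); the result-dict key names are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the GMER log above (two of the
# five atapi.sys entries), with single backslashes and the Windows error text
# in English. Nothing here is generated by the script itself.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spyh.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8A5B34CB 5 Bytes JMP 856E71D8
.text azwy6h1g.SYS 8E0EE096 18 Bytes JMP EA134481
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069A6D6] \SystemRoot\System32\Drivers\spyh.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8069A042] \SystemRoot\System32\Drivers\spyh.sys
IAT \SystemRoot\System32\Drivers\azwy6h1g.SYS[ataport.SYS!AtaPortNotification] 9831BC8D
IAT \SystemRoot\System32\Drivers\azwy6h1g.SYS[ataport.SYS!AtaPortDeviceStateChange] [8E113FB0] \SystemRoot\System32\Drivers\azwy6h1g.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\PCI_PNP6126 \Device\0000004c spyh.sys
Device \Driver\sptd \Device\4226200135 spyh.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
---- EOF - GMER 1.0.15 ----
"""

# One regex per GMER line shape used here; the shapes are those visible in the log.
MISSING_RE = re.compile(r"^\? (\S+) (.*) !$")                 # file GMER could not open
PATCH_RE = re.compile(r"^\.text (\S+) ([0-9A-F]+) (\d+) Bytes (.*)$")
IAT_RE = re.compile(r"^IAT (\S+)\[([^\]]+)\] (?:\[([0-9A-F]+)\] (\S+)|([0-9A-F]+))")
DEVICE_RE = re.compile(r"^Device (\\Driver\\\S+) (\S+) (\S+\.sys)\b", re.I)
REG_P0_RE = re.compile(r"^Reg (\S+\\Services\\(\w+)\\\S*)@p0 (.+)$", re.I)


def basename(path):
    """Lower-cased file name of an NT or Win32 path, so spellings compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    r = {"missing": {}, "patches": [], "iat": [], "devices": [], "service_paths": {}}
    for line in text.splitlines():
        line = line.strip()
        if m := MISSING_RE.match(line):
            r["missing"][basename(m[1])] = m[2]
        elif m := PATCH_RE.match(line):
            r["patches"].append({"module": m[1], "addr": int(m[2], 16),
                                 "size": int(m[3]), "detail": m[4]})
        elif m := IAT_RE.match(line):
            # Resolved entries carry "[addr] \path\to\owner"; unresolved ones carry
            # only the raw slot value, i.e. GMER printed no owning module for it.
            r["iat"].append({"module": basename(m[1]), "import": m[2],
                             "value": int(m[3] or m[5], 16),
                             "target": basename(m[4]) if m[4] else None})
        elif m := DEVICE_RE.match(line):
            r["devices"].append({"driver_object": m[1], "device": m[2],
                                 "image": basename(m[3])})
        elif m := REG_P0_RE.match(line):
            r["service_paths"][m[2].lower()] = m[3].strip()
    return r


def triage(report):
    """Group IAT hooks by the driver that owns the hook target and join that with
    the Files, Devices and Registry sections, so each hooking driver becomes one
    finding: what it hooks, whether it could be read on disk, which driver objects
    it backs, and what the matching service's Cfg@p0 value points at."""
    findings = {}
    for h in report["iat"]:
        key = h["target"] or "<unresolved>"
        if key == h["module"]:
            key = "<self-reference>"   # slot points back into the importing module
        f = findings.setdefault(key, {"hooked_modules": defaultdict(set),
                                      "unreadable_on_disk": False,
                                      "driver_objects": set(), "install_paths": set()})
        f["hooked_modules"][h["module"]].add(h["import"])
    for name, f in findings.items():
        f["unreadable_on_disk"] = name in report["missing"]
        for d in report["devices"]:
            if d["image"] != name:
                continue
            f["driver_objects"].add(d["driver_object"])
            service = d["driver_object"].rsplit("\\", 1)[-1].lower()   # \Driver\sptd -> sptd
            if service in report["service_paths"]:
                f["install_paths"].add(report["service_paths"][service])
    return findings


if __name__ == "__main__":
    for owner, f in triage(parse_gmer(SAMPLE_LOG)).items():
        print(owner, "unreadable on disk:", f["unreadable_on_disk"])
        for mod, imports in f["hooked_modules"].items():
            print("   hooks", mod, "->", sorted(imports))
        print("   driver objects:", sorted(f["driver_objects"]),
              "paths:", sorted(f["install_paths"]))
```

On this input the script files the atapi.sys port-I/O hooks under spyh.sys, records that GMER could not open that file on disk, and links it through the \Driver\sptd device object to the service's Cfg@p0 path under C:\Program Files\Alcohol Soft\Alcohol 120\. That joined view is the context needed before deciding whether hooks of this kind are expected for the software installed on the machine; the script itself makes no such judgement.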